3

During a production launch I need one subdomain, beta.foo.bar.com, to begin redirecting all requests to foo.bar.com.

AWS suggests using an S3 bucket set up for static website hosting and configured to redirect all requests to another domain. This works fine for http, but https requests to beta.foo.bar.com time out since S3 cannot seem to handle https.

Both DNS records are A Aliases to CloudFront distributions which in turn have their own CNAME records that ultimately point to ELBs. This was set up by someone who's now gone and I confess I don't yet know enough about CloudFront distributions/origins. Is there some possible combination of CloudFront distribution/origin/CNAME that can handle http, https, and redirection?

Note: The app itself can receive http but rewrites to https with an ebextension; it may be possible to make the redirect happen there but I'd much prefer to resolve it on AWS.

adion
    If you are using CloudFront, CloudFront *must* handle the SSL, otherwise it will not be able to cache anything that is accessed via SSL. – jordanm Jan 14 '18 at 00:57

3 Answers

1

I don't like to use too much fancy AWS trickery, so I'd just set up an ALB (and have it do HTTPS) and then set up EC2 instances in an ASG with a tiny static nginx config that redirected to the other domain. The benefit of this approach is that it applies almost without modification to any other cloud provider out there, for when something else is determined to be the new hawtness next year.

If you're determined to go all-AWS, though, IIRC the preferred approach for SSL-in-front-of-S3 is to have the SSL done by CloudFront, which points to an S3 bucket, which then would presumably do the redirect. I've never tried it, so maybe CloudFront will eat the redirect or do something else unhelpful, but it's probably worth a shot.

womble
1

This is very simple to implement.

  1. For CloudFront, make sure the SSL certificate that you are using has both domain names. If not, regenerate it and attach to both CloudFront distributions.
  2. Wait while CloudFront reconfigures itself.
  3. Retest that both domains still work correctly.
  4. In Route 53 (or your DNS provider) change the ALIAS record for beta.foo.bar.com to point to the CloudFront distribution for foo.bar.com.

DNS will take a while for the world to update their records (numerous DNS servers do not follow the TTL if it is set short) so plan ahead.

Test from another system that has never been to either of your domain names and verify that everything works while DNS updates globally.

John Hanley
0

Thanks all for the help. Turns out this is exceedingly simple. All I had to do was, in beta.foo's CloudFront distribution, add the redirecting S3 bucket as an origin, then edit the default behavior to use that origin instead of the ELB endpoint. No need to change DNS or even force http->https in CloudFront. The redirect took effect immediately even while CloudFront was re-deploying.

adion
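The arrangement described in the last answer, written out as a CloudFormation template: CloudFront terminates TLS for beta.foo.bar.com and fetches from the redirecting bucket's website endpoint over plain HTTP. This is an added example, not configuration from the original posts; the resource names, the certificate parameter, the TLS policy and the choice of https for the redirect target are assumptions.

```yaml
# Added example. Assumptions: deployed with CloudFormation, resource names are
# hypothetical, and the certificate ARN is a placeholder you supply yourself.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  BetaCertificateArn:
    Type: String
    Description: ACM certificate (us-east-1) that covers beta.foo.bar.com
Resources:
  RedirectBucket:
    Type: AWS::S3::Bucket
    Properties:
      WebsiteConfiguration:
        # Every request to the website endpoint is answered with a redirect.
        RedirectAllRequestsTo:
          HostName: foo.bar.com
          Protocol: https          # assumption: send visitors straight to https
  BetaDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases:
          - beta.foo.bar.com
        Origins:
          - Id: redirect-bucket
            # Host part of the bucket's *website* endpoint, not its REST endpoint;
            # only the website endpoint applies RedirectAllRequestsTo.
            DomainName: !Select [2, !Split ["/", !GetAtt RedirectBucket.WebsiteURL]]
            CustomOriginConfig:
              # S3 website endpoints do not accept HTTPS, so the viewer-facing
              # TLS session has to end at CloudFront.
              OriginProtocolPolicy: http-only
        DefaultCacheBehavior:
          TargetOriginId: redirect-bucket
          # Accept both schemes, as in the answer; the bucket issues the redirect.
          ViewerProtocolPolicy: allow-all
          ForwardedValues:
            QueryString: false
        ViewerCertificate:
          AcmCertificateArn: !Ref BetaCertificateArn
          SslSupportMethod: sni-only
          MinimumProtocolVersion: TLSv1.2_2021
```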